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Amendments to the Claims; 

This Listing of Claims will replace all prior versions and listings of claims in 
the application: 

Listing of Claims; 

Claims 1-19 (canceled). 

20. (new) A computer system having an input/output processing imit for 
executing a file access, an access execution imit for requesting a file access via the 
input/output processing unit in response to a user instruction, and an access control unit for 
performing access control when the file access is executed, wherein the access control imit 
comprises: 

a storage xmit protected fi-om the access execution imit; 

a file list stored in the storage unit describing security levels of files; 

a user list stored in the storage unit describing clearances of users; 

an access control processing unit for determining whether the file access is 
legal in accordance with the file list, the user list, an access type of the file access, 
information identifying a file, and information identifying a user; 

an enciphering xmit for encrypting a file when storing the file on a storage 

mediiun; 

a deciphering imit for decrypting the encrypted file when retrieving the 
encrypted file fi-om the storage mediimi; wherein the storage imit stores at least one key 
created independently of the user, which key is used for both encrypting and decrypting; and 
an access monitor imit which: 

when the input/output processing unit executes a file access, sends the 
access type, the information identifying the file, and the information identifying the user to 
the access control processing unit; 

receives a validity determination result of the file access from the 
access control processing unit; and 

if the file access is legal, causes the input/output processing unit to 
execute the file access, and if the file access is illegal, inhibits the file access. 
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21 . (new) A system as in claim 20 further comprising an exclusive control 
imit for protecting, from the access execution imit, a storage area of the storage imit to be 
used by the access control processing unit. 

22. (new) A system as in claim 21 further comprising a user Ust 
setting/managing unit for setting and managing the user list. 

23. (new) A system as in claim 22 wherein the user list setting/managing unit 
includes an authentication imit for authenticating a security administrator. 

24. (new) A system as in claim 23 wherein the security administrator is 
different from a system administrator who manages the access execution unit. 

25. (new) A system as in claim 20 further comprising a file list 
setting/managing unit for setting and managing the file list. 

26. (new) A system as in claim 25 wherein the file list setting/managing unit 
includes an authentication imit for authenticating a security administrator. 

27. (new) A system as in claim 26 wherein the security administrator is 
different from a system administrator who manages the access execution unit. 

28. (new) A system as in claim 20 further comprising: 

an enciphering unit for encrypting a file if the file access requesting to output a 
file to the storage unit is legal; and 

a deciphering unit for decrypting the enciphered file if the file access for 
requesting to input the enciphered file from the storage unit is legal. 

29. (new) A system as in claim 28 wherein an exclusive control unit protects 
from the access execution unit a storage area in the storage unit storing at least one key 
infomiation set to be used by the enciphering unit and the deciphering unit. 
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30. (new) A system as in claim 20 wherein the enciphering unit and the 
deciphering unit use a plurality set of different key information and at least one cipher 
method for each security level written in the file list. 



31. (new) A system as in claim 20 further comprising an input/output 
monitor imit for monitoring that the input/output processing xmit or the access monitor xmit is 
not tampered or performs a predetermined operation, and instructing to inhibit an 
input/output of a file if the input/output processing unit or the access monitor imit is tampered 
or performs an operation different firom the predetermined operation. 

32. (new) A system as in claim 20 further comprising a file access log 
processing unit for storing and managing information on each file access sent to the access 
control processing unit. 

33. (new) A system as in claim 20 wherein the access control unit is realized 
by a software module. 

34. (new) A system as in claim 20 wherein the access control unit is realized 
by a hardware module. 

35. (new) A system as in claim 20 wherein the key comprises a symmetric 

key. 



